HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Reports

Detecting Subverted Cryptographic Protocols by Entropy Checking

Julien Olivain 1 Jean Goubault-Larrecq 1
1 SECSI - Security of information systems
LSV - Laboratoire Spécification et Vérification [Cachan], ENS Cachan - École normale supérieure - Cachan, Inria Saclay - Ile de France, CNRS - Centre National de la Recherche Scientifique : UMR8643
Abstract : What happens when your implementation of SSL or some other cryptographic protocol is subverted through a buffer overflow attack? You have been hacked, yes. Unfortunately, you may be unaware of it: because normal traffic is encrypted, most IDSs cannot monitor it. We propose a simple, yet efficient technique to detect most of such attacks, by computing the entropy of the flow and comparing it against known thresholds.
Document type :
Reports
Complete list of metadata

https://hal.inria.fr/hal-03200826
Contributor : Jean Goubault-Larrecq Connect in order to contact the contributor
Submitted on : Monday, April 19, 2021 - 10:53:48 AM
Last modification on : Friday, February 4, 2022 - 4:14:56 AM
Long-term archiving on: : Tuesday, July 20, 2021 - 6:09:54 PM

File

rr-lsv-2006-13.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03200826, version 1

Citation

Julien Olivain, Jean Goubault-Larrecq. Detecting Subverted Cryptographic Protocols by Entropy Checking. [Research Report] LSV-06-13, LSV, ENS Cachan. 2006. ⟨hal-03200826⟩

Share

Metrics

Record views

38

Files downloads

81